← Back to Home

1. Information We Collect

We collect only the information necessary to provide and improve our services:

For All Users:

• Basic Account Information: Email address, full name, and password (securely hashed)
• Encrypted Journal Content: Your written thoughts, reflections, and introspective journal entries. This content is protected with end-to-end encryption and cannot be read by Healing Journal.
• Exercise and Tracking Data: Information recorded during emotional wellness exercises such as selected emotions, triggers, emotional intensity levels, timestamps, and self-care color selections. This data is stored in standard (non-encrypted) database form in order to enable features such as progress tracking, emotional insights, and visualizations.
• Progress Data: Exercise completion status, streaks, and general usage metrics related to wellness activities.

For Mental Health Specialists:

If you register as a mental health specialist, we collect additional professional information to verify your credentials and help patients find appropriate support:

• Professional Title: Your professional designation (e.g., Psychologist, Therapist, Counselor, Psychiatrist)
• Specialization: Areas of expertise and treatment approaches (e.g., CBT, trauma therapy, anxiety disorders)
• Years of Experience: Length of professional practice to help patients make informed decisions
• Professional Credentials: Licensing information and certifications (verified but not publicly displayed)

3. End-to-End Encryption

Healing Journal uses end-to-end encryption (E2EE) to protect your most private written reflections.

What Is End-to-End Encrypted

• Your personal journal entries, thoughts, and introspective reflections
• Written content you store in the journaling features of the app

This content is encrypted directly on your device before being transmitted to our servers.

• Only you possess the encryption keys needed to decrypt this content
• Healing Journal cannot read, access, or recover your encrypted journal entries
• Your encryption keys are derived from your password and are never stored on our servers

Data That Is NOT End-to-End Encrypted

To enable core features such as progress tracking, emotional insights, and exercise history, certain structured exercise data is stored in standard database form (not end-to-end encrypted).

• Selected emotions during exercises
• Triggers or situations you record
• Emotional intensity ratings
• Self-care color selections
• Exercise completion timestamps

This data is still protected using standard security practices including encrypted connections (HTTPS), secure servers, and strict access controls.

4. How We Use Your Information

General Uses:

• To provide and maintain the Healing Journal service
• To enable features like emotion tracking, progress insights, and calendar views
• To facilitate secure communication between patients and specialists
• To send important service updates and notifications (with your permission)

Specialist Information Uses:

• To display your professional profile to patients searching for mental health support
• To help patients find specialists matching their needs based on specialization and experience
• To verify your credentials and maintain platform integrity
• To enable professional features like appointment scheduling and patient communication

5. Information Sharing and Third-Party Services

Third-Party Service Providers:

We share limited data only with our essential backend provider:

• Secure backend for data storage (E2EE + RLS). No third-party analytics used.

Specialist Profile Visibility:

If you register as a mental health specialist, the following information is visible to patients within the app:

• Full name
• Professional title
• Specialization areas
• Years of experience
• Professional bio (if provided)

Your contact information, licensing details, and other sensitive professional data remain private and are never shared publicly.

6. What We DON'T Do

• We do NOT sell your personal data to third parties
• We do NOT use your journal content for advertising
• We do NOT share your encrypted content with anyone, including specialists, without your explicit consent
• We do NOT track your activity across other websites or apps
• We do NOT share specialist credentials or licensing information publicly

7. Data Storage and Security

We use industry-standard security measures to protect your data:

• All data transmitted over secure HTTPS connections
• Data stored on secure, encrypted servers with row-level security
• Regular security audits and updates
• Access controls and monitoring to prevent unauthorized access
• Specialist credentials are encrypted and verified through secure channels

8. Data Retention

• Your data is retained as long as your account is active
• You can delete individual journal entries, exercises, or your entire account at any time
• When you delete your account or data, it is instantly and permanently removed from our systems
• Encrypted content cannot be recovered after deletion
• Specialist accounts may retain minimal anonymized data for compliance purposes even after deletion

9. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Opt out of non-essential communications
• Withdraw consent at any time
• For specialists: Update your professional information and control profile visibility

10. Children's Privacy

Healing Journal is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

11. Data Controller (GDPR)

For the purposes of the General Data Protection Regulation (GDPR), the data controller responsible for your personal data is:

If you have any questions about this Privacy Policy or how your data is handled, you may contact us at any time.

12. Legal Basis for Processing (EU GDPR)

We process your personal data only when we have a valid legal basis under the GDPR, including:

• Contract necessity — to provide and maintain the core Healing Journal features
• Your consent — for optional communications & notifications
• Legitimate interest — to improve app security, performance, and user experience

We do not use your encrypted journal content for advertising or profiling.

13. Cookies and Tracking Technologies

No Tracking

• No cookies, no cross-app tracking, no analytics services used.

14. Sensitive Data Notice

Your journal entries and reflections may contain sensitive personal information, including emotional wellbeing or mental health related content.

Written journal content is protected using end-to-end encryption and cannot be accessed by Healing Journal.

However, structured exercise data such as selected emotions, triggers, intensity levels, and self-care color selections is stored in standard database form in order to enable progress tracking and insights within the app.

15. Medical Disclaimer

Healing Journal is designed for self-reflection, emotional wellness, and general self-care support.

The app may suggest evidence-based wellness activities such as breathing exercises, grounding techniques, or journaling prompts. However:

• Healing Journal does not provide medical or clinical advice
• The app does not diagnose, treat, or prevent any mental health condition
• The content is not a substitute for professional healthcare or therapy

16. Export Control and Sanctions Compliance

Healing Journal may be subject to applicable export control and economic sanctions laws, including restrictions related to the use of encryption technologies.

By using this service, you agree that you will not access, download, or distribute the app in any jurisdiction where such use is prohibited by law, including regions subject to international sanctions.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes through the app or via email. Your continued use of the app after changes indicates acceptance of the updated policy.

18. Contact Us